Buffer Copy Vulnerability in QNAP Operating System
CVE-2024-37041

Currently unrated

Key Information:

Vendor: QNAP
Status: QNAP Operating System
Vendor: CVE Published:; 22 November 2024

Summary

A vulnerability has been identified in various versions of the QNAP operating system, characterized by a buffer copy that does not adequately verify the size of the input. If exploited by remote attackers who manage to gain administrator access, this flaw could enable the execution of arbitrary code, potentially compromising system integrity and security. QNAP has addressed this vulnerability in the latest updates, advising affected users to upgrade to QTS 5.2.1.2930 build 20241025 or later, or to QuTS hero h5.2.1.2929 build 20241025 or later, to mitigate risk.

References

https://www.qnap.com/en/security-advisory/qsa-24-43

Timeline

Vulnerability published
Nov 22, 2024